Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/10/2024, 17:32 UTC

General

  • Target

    Re-Logic - Terraria Soundtrack - 08 Corruption.mp3

  • Size

    6.4MB

  • MD5

    1a6ceb9e0469dbdd2bbf0a675267c33a

  • SHA1

    fe9fbd477207a17dce7066e14448419acc8d55b3

  • SHA256

    6b828db640ed0ad2679d4cb0bb718b89e738db7e1404f99d09e641f25cd55063

  • SHA512

    1f44c85b89e4c2f52a9be41aaf3db8e90f8038eaaef1a2d51c20d6ab3bb858ce59aca468ba29f745e3829c779a682c7bcc386866d6a375dc2fe98830a6e3329e

  • SSDEEP

    196608:PLBqD0+RirJWIhas8gbG60QLMHZqx8pKQJNeL:PL0D0+orJhhnbntMHMxmzyL

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Re-Logic - Terraria Soundtrack - 08 Corruption.mp3"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3688
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3380
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:2988
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:4224
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x398 0x37c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1216

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    22.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    71.209.201.84.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.209.201.84.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    musicmatch-ssl.xboxlive.com
    wmplayer.exe
    Remote address:
    8.8.8.8:53
    Request
    musicmatch-ssl.xboxlive.com
    IN A
    Response
    musicmatch-ssl.xboxlive.com
    IN CNAME
    musicmatch-ssl.xboxlive.com.edgekey.net
    musicmatch-ssl.xboxlive.com.edgekey.net
    IN CNAME
    e87.dspb.akamaiedge.net
    e87.dspb.akamaiedge.net
    IN A
    2.17.4.7
  • flag-gb
    POST
    https://musicmatch-ssl.xboxlive.com/cdinfo/GetMDRCD.aspx?locale=409&geoid=f4&version=12.0.19041.1266&userlocale=409&requestID=3C38DE7A-8844-4AD3-B1CF-F4577C735AC7
    wmplayer.exe
    Remote address:
    2.17.4.7:443
    Request
    POST /cdinfo/GetMDRCD.aspx?locale=409&geoid=f4&version=12.0.19041.1266&userlocale=409&requestID=3C38DE7A-8844-4AD3-B1CF-F4577C735AC7 HTTP/1.1
    Accept: */*
    User-Agent: Windows-Media-Player/12.0.19041.1288
    Content-Type: text/xml
    Accept-Encoding: gzip, deflate
    Host: musicmatch-ssl.xboxlive.com
    Content-Length: 452
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Cache-Control: no-cache, no-store
    Content-Length: 249
    Content-Encoding: gzip
    MS-CV: zo+hu3cR90Cn9TKHAoDTNA.0
    X-Content-Type-Options: nosniff
    Vary: Accept-Encoding
    Date: Mon, 14 Oct 2024 17:40:35 GMT
    Connection: keep-alive
  • flag-us
    DNS
    7.4.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    7.4.17.2.in-addr.arpa
    IN PTR
    Response
    7.4.17.2.in-addr.arpa
    IN PTR
    a2-17-4-7deploystaticakamaitechnologiescom
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    98.117.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    98.117.19.2.in-addr.arpa
    IN PTR
    Response
    98.117.19.2.in-addr.arpa
    IN PTR
    a2-19-117-98deploystaticakamaitechnologiescom
  • flag-us
    DNS
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
    Response
    83.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-83deploystaticakamaitechnologiescom
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 815230
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 21CDC9F9F20F4423ABCB92FF582B2E95 Ref B: LON601060105025 Ref C: 2024-10-14T17:41:57Z
    date: Mon, 14 Oct 2024 17:41:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 195935
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 6479EE9B782F4EED8112CBB372A4F908 Ref B: LON601060105025 Ref C: 2024-10-14T17:41:57Z
    date: Mon, 14 Oct 2024 17:41:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 712130
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A56ED6EEE60A4BA9B8B09B761C1BD71B Ref B: LON601060105025 Ref C: 2024-10-14T17:41:57Z
    date: Mon, 14 Oct 2024 17:41:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360433542_1UJC4903W7XNIUU73&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360433542_1UJC4903W7XNIUU73&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 193575
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 34F3B64726284FDD81F9E16B4F602786 Ref B: LON601060105025 Ref C: 2024-10-14T17:41:57Z
    date: Mon, 14 Oct 2024 17:41:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 843567
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2FF0DD9B67114C4F8586D70E4613142A Ref B: LON601060105025 Ref C: 2024-10-14T17:41:57Z
    date: Mon, 14 Oct 2024 17:41:57 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360433543_1F4HJPO10Z3VYH0SK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239360433543_1F4HJPO10Z3VYH0SK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 688476
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0976A82889A64AF498C5B93DF18C06A3 Ref B: LON601060105025 Ref C: 2024-10-14T17:41:58Z
    date: Mon, 14 Oct 2024 17:41:57 GMT
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    10.28.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.28.171.150.in-addr.arpa
    IN PTR
    Response
  • 2.17.4.7:443
    https://musicmatch-ssl.xboxlive.com/cdinfo/GetMDRCD.aspx?locale=409&geoid=f4&version=12.0.19041.1266&userlocale=409&requestID=3C38DE7A-8844-4AD3-B1CF-F4577C735AC7
    tls, http
    wmplayer.exe
    1.6kB
    5.0kB
    11
    11

    HTTP Request

    POST https://musicmatch-ssl.xboxlive.com/cdinfo/GetMDRCD.aspx?locale=409&geoid=f4&version=12.0.19041.1266&userlocale=409&requestID=3C38DE7A-8844-4AD3-B1CF-F4577C735AC7

    HTTP Response

    200
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239360433543_1F4HJPO10Z3VYH0SK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    78.0kB
    3.6MB
    1568
    2600

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360433542_1UJC4903W7XNIUU73&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360433543_1F4HJPO10Z3VYH0SK&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    972 B
    6.9kB
    11
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.0kB
    6.9kB
    12
    13
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    22.160.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    22.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    71.209.201.84.in-addr.arpa
    dns
    72 B
    132 B
    1
    1

    DNS Request

    71.209.201.84.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    musicmatch-ssl.xboxlive.com
    dns
    wmplayer.exe
    73 B
    176 B
    1
    1

    DNS Request

    musicmatch-ssl.xboxlive.com

    DNS Response

    2.17.4.7

  • 8.8.8.8:53
    7.4.17.2.in-addr.arpa
    dns
    67 B
    127 B
    1
    1

    DNS Request

    7.4.17.2.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    98.117.19.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    98.117.19.2.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    10.28.171.150.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    10.28.171.150.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

    Filesize

    384KB

    MD5

    063793e4ba784832026ec8bc3528f7f1

    SHA1

    687d03823d7ab8954826f753a645426cff3c5db4

    SHA256

    cb153cb703aea1ba1afe2614cffb086fa781646a285c5ac37354ee933a29cedd

    SHA512

    225910c24052dfdf7fca574b12ecef4eb68e990167010f80d7136f03ac6e7faa33233685cbf37b38ee626bb22ff3afeee39e597080e429be3ec241fb30af40c6

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

    Filesize

    1024KB

    MD5

    627ca585cc2d317a91e2b266c45833a9

    SHA1

    6bab91749945c1108f3df277db44296a3aaa5004

    SHA256

    6eac0cf9652abef7549ae5a71548b5d8740e66f890d8629e16194b34e1ba1832

    SHA512

    dd6134dc7252a53ed0df8122e5e714c1a34e53e4585188c1b61d3a709bdd077a0f6b2072d76919fd9a6e5b747694beebe8df06e18458e40035d1b3f881620f0e

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

    Filesize

    68KB

    MD5

    e347afd08fbd603f188bc858d6a57b42

    SHA1

    30fde518b5f395c16834ddd7b18cfa7ef0f464d6

    SHA256

    49de40ac228c2a7241c8708bf5433aad30d67b9632a15a5baf9df11f11bea527

    SHA512

    f94a9717e1f6bb992fe0e6fdf7a34ad8d11d0bf453ffea3076f6f1b6c962ffcec7f762f8ba08e85eac3b26caf49545ba264e056158003ae1f474a1e1740458c0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

    Filesize

    498B

    MD5

    90be2701c8112bebc6bd58a7de19846e

    SHA1

    a95be407036982392e2e684fb9ff6602ecad6f1e

    SHA256

    644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

    SHA512

    d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log

    Filesize

    1KB

    MD5

    dc17714abc8f59c191f8c3ae711fd4d6

    SHA1

    e2926a4ec7d9668f87e1979e18b29f0d00b43f61

    SHA256

    2f8883e4687cfa59aef235895af01a2d3308d5a6122ed5aa23b5aede7d588a8c

    SHA512

    b3a501d9ccdb5292f390c54cea79f015f8f63ed42092e1f2e7ebcfc0a42e7891f17e60b199c01ffc4e2aa2331ea6fb54ce3d162d5791011fe9c7da9ffd6bbee1

  • memory/3688-34-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

  • memory/3688-33-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

  • memory/3688-32-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

  • memory/3688-31-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

  • memory/3688-36-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

  • memory/3688-35-0x0000000006880000-0x0000000006890000-memory.dmp

    Filesize

    64KB

  • memory/3688-44-0x0000000008130000-0x0000000008140000-memory.dmp

    Filesize

    64KB

  • memory/3688-46-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-47-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-48-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-49-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-52-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-51-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-53-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-54-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-57-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-56-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-55-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-59-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-61-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-63-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-64-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-65-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-62-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-66-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-67-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-68-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-69-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-70-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-73-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-74-0x0000000008130000-0x0000000008140000-memory.dmp

    Filesize

    64KB

  • memory/3688-71-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-75-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-76-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-77-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-78-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-79-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-80-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-82-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-81-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-85-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-84-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-83-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-86-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-88-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-90-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-92-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-91-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-89-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-93-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-94-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-95-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-96-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-97-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-99-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-100-0x0000000008130000-0x0000000008140000-memory.dmp

    Filesize

    64KB

  • memory/3688-98-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-101-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-103-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-104-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-105-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-107-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB

  • memory/3688-108-0x0000000008190000-0x00000000081A0000-memory.dmp

    Filesize

    64KB

  • memory/3688-106-0x00000000081A0000-0x00000000081B0000-memory.dmp

    Filesize

    64KB